BridgeReth unstake() and withdraw() function could become unavailable if the deposit delay is set to a non-zero value
Summary
The BridgeReth unstake() and withdraw() function can become unavailable, rETH tokens have a deposit delay that prevents any user who has recently deposited to transfer or burn tokens. Currently the deposit delay is set to 0, effectively having no impact.
Vulnerability Details
Concerning the deposit delay, currently this is not a problem, since the delay is set to 0 (check getRethDepositDelay). In the past this delay was set to 5760 blocks mined (~19h). In this case the effect would be not only on BridgeReth unstake() but also on withdraw().
Impact
In the case that the deposit delay is set to a non-zero value, the impact is more significant since the unstake and withdraw could be unavailable for a long period of time, or even be DOS by a grifter. However the value does not seem to be planed to be changed for a non zero value in the future.
Recommendations
Consider if it is worth to add a way to deal with the possible deposit delay. Maybe a pause to deposits set by an admin could be warranted for this specific case, so that users can unstake and withdraw.
Prize pool breakdown
Live
The contest is live. Earn rewards by submitting a finding.
Appeals
This is your time to appeal against judgements on your submissions.
Appeals Review
Appeals are being carefully reviewed by our judges.